Don’t Make This $4M Medical Sales Mistake

In June, a judge ruled that MD Anderson Cancer Center violated HIPAA and must pay $4,348,000 to the HHS Office for Civil Rights.

These violations followed the theft of an unencrypted laptop from an MD Anderson employee’s residence and the loss of two unencrypted USB thumb drives holding the unencrypted electronic protected health information (ePHI) of more than 33,500 people.

This controversy serves as a reminder for everyone involved in healthcare — including medical sales reps — that small missteps can lead to major loss and damage.

And accidents and human error aren’t the only security threats medical sales companies face. There’s also the constant threat of hackers accessing and abusing customers’ information.

Here are four steps to protect you, your organization, and your customers from data breaches:

1. Look at data security as your responsibility

Often, medical sales reps forget the part they play in protecting client information. As long as you follow company policies, any issues are not your fault, right? Not exactly. There’s more you can do to increase security.

Put yourself in your clients’ shoes. Treat the data in your possession the same way you’d treat your own.

For example, it might be convenient to take home files when you need to work outside of the office. But remember, when you do that, you’re the sole guardian of that data. Don’t put yourself or your clients in such a compromising position.

Familiarize yourself with your company’s efforts to protect data. Even if you’re not tech-savvy, you need to know how information is being encrypted. This way, you can be confident that whatever information you have is safe.

2. Understand the laws

Legislation surrounding data security is always changing. It has to in order to keep up with advances in technology. Keep up by scheduling regular times for you to re-educate yourself about the laws.

This doesn’t mean you need to become a legal expert. But you should read the latest news and reach out to your company’s legal team if you have questions.

Also know that in some cases, it’s not only American laws you need to worry about.

In May, the EU’s General Data Protection Regulation (GDPR) became enforceable. This legislation doesn’t just apply to companies based in the EU. Any organization, located anywhere in the world, whose website collects visitor data from European Union citizens has to follow the regulations.

Take the time to familiarize yourself with these types of foreign laws.

3. Advocate for updated data encryption technology

Great medical sales reps advocate for their clients. They understand how the work impacts lives and want to make sure clients are treated with respect. This care extends to protecting data, as well.

Regularly check in with your employer to see what steps are being taken to make client information more secure. If you hear about a breach at another company, have a conversation to see if your team is susceptible to similar threats.

If you see holes in security or worry your employer isn’t taking data security seriously, remind them about the cost that’s on the line. Investing in high-quality security and encryption will pay off in the long run.

4. Create a disaster plan

When important data is compromised, how you react is important. Your clients will feel vulnerable and may have lost some trust in you. The first priority is to rebuild those relationships.

The first step is to reach out to them quickly. As soon as your employer knows what’s been compromised, let affected parties know. If too much time passes before you talk to them, it will seem like you or your company are trying to cover something up.

Also, let clients know what’s being done to correct the situation. If they are going to remain loyal, they need to know they’ll be better protected in the future.

Finally, make yourself available to answer clients’ questions. Many people don’t know what to do in these situations, so having you as a resource to guide them through will go a long way.

—

What are other important factors to protecting confidential information? Share in the comments.